See you there.
Nice, I think most people instantly change the randomly generated password to something more useful, so just giving them a link to do this reduces the number of steps necessary :) You could also put a link in the e-mail that cancels the token in case the user didn't request it himself!
Filip, yes, the email for token invalidation is a very good idea indeed. Many thanks :D
You've been kicked (a good thing) - Trackback from DotNetKicks.com
Is there any way to prevent the password reset from logging in the user whose password we are resetting?
I really want to use this example in ad administrative section but logging out the admin is not desirable.
Otherwise this code works perfect as advertised.
JAndrews, Yes, you can do that. Basically the control is logging in the current user based on a certain condition.
It only logs the user in if the MembershipUser is approved, note that MembershipUser has an approved property or if the MembershipUser is not Locked out. So if both these conditions are true in your case, you can temporarily set approve to false on the membership user and update the membership, during the ChangingPassword event and re-enable it again immidiately in the ChantedPassword Event.
This is a workaround ofcourse, and since this is an admin feature, the extra hits to your db for these two operations might not seem like a big deal, so all in all i find this workaround feasible.
Do you use the PasswordRecovery control to manage the reset? If so, how do you retrieve the new (temporary) password so that you can tokenize it? I've look all over and cannot find it.
Thanks for your kind reply.This code will very helpful to me to overcome the problem.So i really thankful to you people.
I've tried the code for problem <a>,
it's work on "CurrentPassword" and "CurrentPasswordRequired",
but not for "CurrentPasswordLabel" (.FindControl can't find it)
I'm work it on VS2008, any idea?
An other solution for the RequiredFieldValidator is to put Junk in that field and change it in the ChangingPassword !!
How can I make an other user (depending on role) to be able to change any users passwords, because when the change is confirmed, that user becomes the logged one.
I'm getting closer just need to learn how to make a tokenized link
Good one.. i think there are very few resources on this.